Lucene search
K

13 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

5.4CVSS0.00392EPSS
Exploits2References6
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

0.00392EPSS
Exploits2References6
CVE
CVE
added 2 days ago5 views

CVE-2026-36214

CVE-2026-36214 — osTicket Stored XSS affects osTicket versions 1.10–1.17.7 and 1.18.0–1.18.3 due to a vulnerable Bootstrap Tooltip (3.3.4) and insufficient HTML sanitization. The attack stores a malicious JS payload in a ticket attachment and executes it when an Agent/Admin views the ticket, enab...

5.4CVSS6.3AI score0.00392EPSS
Exploits2References6
OSV
OSV
added 2026/05/19 12:0 a.m.12 views

MAL-2026-3864 Malicious code in @antv/coord (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable write limits on the POST /sessions/:sessionKey/kill endpoint, allowing callers...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-32048

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

9.9CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 3:31 a.m.4 views

EUVD-2026-13943

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.2 views

CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.7 views

PT-2026-23557

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS6AI score0.00136EPSS
Exploits0References5
Hacker One
Hacker One
added 2017/06/19 12:48 a.m.17 views

GoCD: Spring security configuration allows agent sessions to be hijacked

Summary ======= If agents have successfully logged in, then unauthenticated requests to /go/agent-websocket or /go/remoting/ will randomly succeed sometimes. Description ======== The deprecated X509ProcessingFilter apparently does not work without a HttpSessionContextIntegrationFilter earlier on...

0.4AI score
Exploits0
NVD
NVD
added 2014/02/14 3:55 p.m.21 views

CVE-2012-0062

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

5.8CVSS6.7AI score0.0112EPSS
Exploits1References3
Cvelist
Cvelist
added 2014/02/14 3:0 p.m.34 views

CVE-2012-0062

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

6.7AI score0.0112EPSS
Exploits1References3
CVE
CVE
added 2014/02/14 3:0 p.m.70 views

CVE-2012-0062

Red Hat JBoss Operations Network (JBoss ON) is affected by CVE-2012-0062. Versions affected: JON before 2.4.2 and 3.0.x before 3.0.1. Root cause: an agent registration request could be processed without a valid security token. Impact: remote attackers can hijack an approved agent’s session and st...

5.8CVSS6.9AI score0.0112EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder